I simply appended the URL with the parameters I wanted. I set the “debug” flag to a true value, and put in a junk username and password.
Since that showed me what query was being ran, I modified it to inject some code (“ or 1=1 — ) to return all rows in the table, guaranteeing that at least one entry would show up. This ends up changing the SQL query to do a comparison based on username, OR where 1=1, which is always true. After that, the ”— “ simply comments out the rest of the query, so that no issues arise from stuff later on. Make sure to have a space after the dashes, else it may not work. Once everything was completed, it showed me the password to the next level.